Hi,
I am working on setting up alerts based on query thresholds. I am currently checking for failed ssh login attempts. I was able to set it up to pass the alert to Nagios XI using NRDP. The alerts are getting to xi and emails are sent. The problem I am running into is that there is no real data that gets passed other than the name of the service, i.e. SSH failed logins.
I currently run log scraping in xi and when there is a failed login, it will show some detail such as the host and the user. Is there a way to pass more detail over to xi? It would be great to be able to pass the logsource and some type of message or even a link to NLS with the query.
Also, are there better ways to send alerts than to xi through NRDP? The preference is to have stuff go through xi so that we have a single pane of glass.
Thanks,
David
Manage Alerting with xi and NRDP
-
- Attack Rabbit
- Posts: 2560
- Joined: Thu Feb 12, 2015 12:40 pm
Re: Manage Alerting with xi and NRDP
> I currently run log scraping in xi and when there is a failed login, it will show some detail such as the host and the user. Is there a way to pass more detail over to xi? It would be great to be able to pass the logsource and some type of message or even a link to NLS with the query.
I agree - we just added macros that you can use with outbound emails, hopefully attaching those macros to NRDP won't be a huge feat. Would you like me to put in a feature request for this functionality?
> Also, are there better ways to send alerts than to xi through NRDP? The preference is to have stuff go through xi so that we have a single pane of glass.
I do want to mention that there is a Nagios Log Server wizard that allows you to query the NLS API from Nagios xi - which makes the check active as opposed to NRDP (which is passive).
Let me know if you have any other questions, thanks!
-
- Posts: 95
- Joined: Wed Jan 11, 2012 4:00 pm
Re: Manage Alerting with xi and NRDP
Do you have any details on the macros? I can give that a try. BTW - when creating the alert on NLS, it only executed when I initiated it. It did not run on its own. It's currently set to run 5m and the lookback is set to 5m.
I will also try the active check using the wizard. I saw it, but was not sure how it was going to work.
Thanks
-
- Posts: 95
- Joined: Wed Jan 11, 2012 4:00 pm
Re: Manage Alerting with xi and NRDP
Oh also forgot, can you put in a feature request? That would be a huge help for oncall. We do not have a NOC.
-
- Attack Rabbit
- Posts: 2560
- Joined: Thu Feb 12, 2015 12:40 pm
Re: Manage Alerting with xi and NRDP
> Do you have any details on the macros? I can give that a try. BTW - when creating the alert on NLS, it only executed when I initiated it. It did not run on its own. It's currently set to run 5m and the lookback is set to 5m.
No problem - the macros are present in Nagios Log Server version 1.4.0 (our latest release). They are located here: The macros can be used as follows:
%time%             The time the alert was sent
%alertname%        The name of the alert that is sending a message
%state%            The state of the alert, OK, WARNING, CRITICAL, UNKNOWN
%lookback%         The alert lookback period (example: 5m)
%warning%          The warning threshold value
%critical%         The critical threshold value
%output%           The command line check output
%url%              The url for the alert to be ran in the NLS dashboard
%uniquehosts%      A newline separated list of unique hosts in the alert query.
                   Example:
                   192.68.1.5 (28)
                   192.168.5.112 (1220)
                   The value inside the parentheses is the amount of matching logs for the alert time period for the hosts.
%lastalertlog%     The last log from the alert query.
                   Can only use one of %lastalertlog% OR %last10alertlogs% per email.
%last10alertlogs%  The last 10 logs from the alert query.
                   Can only use one of %lastalertlog% OR %last10alertlogs% per email.
Jesse
-
- Posts: 95
- Joined: Wed Jan 11, 2012 4:00 pm
Re: Manage Alerting with xi and NRDP
Thanks for the macro info. Do the macros just apply to email alerts coming directly from NLS or is it possible to send that info back to xi through the passive nrdp check or active check? I created an active check using the wizard and it's having the same result. No detailed information other than x matching entries found.
-
- Attack Rabbit
- Posts: 2560
- Joined: Thu Feb 12, 2015 12:40 pm
Re: Manage Alerting with xi and NRDP
> Do the macros just apply to email alerts coming directly from NLS or is it possible to send that info back to xi through the passive nrdp check or active check?
Unfortunately the macros only apply to email alerts coming directly from NLS for now - I have put in a feature request on your behalf to see if we can migrate some of the macros over to NRDP as well. Thanks for the good suggestion!
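An added example, not part of the thread and not Nagios code: while the macros are limited to email, a script on the log side can pack per-host counts (in the style of %uniquehosts%) and the last offending user into the output of a passive check before submitting it over NRDP. The sample log lines, thresholds and function names are assumptions; the XML follows the checkresults layout used by the send_nrdp clients and is posted with the NRDP token and cmd=submitcheck.

```python
import re
from collections import Counter
from xml.sax.saxutils import escape

# Constructed sample sshd lines (not from the thread); documentation address ranges.
SAMPLE_LOGS = [
    "Jan 10 03:12:01 web01 sshd[811]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Jan 10 03:12:04 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 50130 ssh2",
    "Jan 10 03:12:09 web01 sshd[815]: Failed password for invalid user a|b<x> from 198.51.100.7 port 40022 ssh2",
    "Jan 10 03:13:00 web01 sshd[820]: Accepted publickey for deploy from 192.0.2.10 port 40100 ssh2",
]

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def clean(field):
    """Usernames in failed logins are attacker-controlled: drop control
    characters and '|' (Nagios reads what follows it as perfdata), cap length."""
    return "".join(c for c in field if c.isprintable() and c != "|")[:64]

def summarize(lines, warning=1, critical=3):
    """Return (nagios_state, one_line_output) for the failed logins in lines."""
    hits = [m.groups() for m in map(FAILED.search, lines) if m]
    hosts = Counter(src for _user, src in hits)
    n = len(hits)
    state = 2 if n >= critical else 1 if n >= warning else 0
    output = f"{('OK', 'WARNING', 'CRITICAL')[state]} - {n} failed SSH logins"
    if hits:
        per_host = ", ".join(f"{clean(h)} ({c})" for h, c in hosts.most_common())
        user, src = hits[-1]
        output += f" from {per_host}; last: user={clean(user)} src={clean(src)}"
    return state, output

def nrdp_checkresult(hostname, servicename, state, output):
    """Build the checkresults XML; every value is XML-escaped so log content
    cannot add or close elements in the submitted result."""
    fields = {"hostname": hostname, "servicename": servicename,
              "state": str(state), "output": output}
    body = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in fields.items())
    return ("<?xml version='1.0'?><checkresults>"
            f"<checkresult type='service' checktype='1'>{body}</checkresult>"
            "</checkresults>")

if __name__ == "__main__":
    state, output = summarize(SAMPLE_LOGS)
    print(nrdp_checkresult("web01", "SSH failed logins", state, output))
```

The hostname and service name passed to nrdp_checkresult must match the host and passive service defined in xi, otherwise the result shows up as unconfigured.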
-
- Posts: 95
- Joined: Wed Jan 11, 2012 4:00 pm
Re: Manage Alerting with xi and NRDP
Hi Jesse
Thanks for putting that in. I hope that is something that can happen sooner than later. I am trying to make this as seamless as possible.
Regards,
David
-
- Attack Rabbit
- Posts: 2560
- Joined: Thu Feb 12, 2015 12:40 pm
Re: Manage Alerting with xi and NRDP
No problem! The developers have been very good about implementing feature requests into Nagios Log Server, hopefully this one is easy enough to do quickly! May I close this thread?
-
- Posts: 95
- Joined: Wed Jan 11, 2012 4:00 pm
Re: Manage Alerting with xi and NRDP
Yea you can close. Thanks again.